<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux/meta-openembedded.git/meta-multimedia/recipes-multimedia, branch kirkstone</title>
<subtitle>Mirror of git.openembedded.org/meta-openembedded</subtitle>
<id>https://git.enea.com/cgit/linux/meta-openembedded.git/atom?h=kirkstone</id>
<link rel='self' href='https://git.enea.com/cgit/linux/meta-openembedded.git/atom?h=kirkstone'/>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/'/>
<updated>2026-03-21T12:19:26+00:00</updated>
<entry>
<title>libde265: patch CVE-2025-61147</title>
<updated>2026-03-21T12:19:26+00:00</updated>
<author>
<name>Gyorgy Sarvari</name>
<email>skandigraun@gmail.com</email>
</author>
<published>2026-03-21T12:00:56+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=144725f1e36675fe4d76c6f8a73c00cc6c66ebe0'/>
<id>urn:sha1:144725f1e36675fe4d76c6f8a73c00cc6c66ebe0</id>
<content type='text'>
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-61147

Backport the patch referenced by the NVD advisory.

Note that this is a partial backport - only the parts that are
used by the application, and without pulling in c++17 headers.

Signed-off-by: Gyorgy Sarvari &lt;skandigraun@gmail.com&gt;
</content>
</entry>
<entry>
<title>vlc: ignore CVE-2026-26227 and CVE-2026-26228</title>
<updated>2026-03-09T15:37:29+00:00</updated>
<author>
<name>Gyorgy Sarvari</name>
<email>skandigraun@gmail.com</email>
</author>
<published>2026-03-09T10:02:49+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=b712d9b0b14722265f39832e1fcb089ad8413caf'/>
<id>urn:sha1:b712d9b0b14722265f39832e1fcb089ad8413caf</id>
<content type='text'>
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-26227
https://nvd.nist.gov/vuln/detail/CVE-2026-26228

Both vulnerabilities affect only the Android version of VLC, not
the other ones. Because of this, ignore these CVEs.

Signed-off-by: Gyorgy Sarvari &lt;skandigraun@gmail.com&gt;
</content>
</entry>
<entry>
<title>streamripper: ignore CVE-2020-37065</title>
<updated>2026-02-27T16:00:16+00:00</updated>
<author>
<name>Gyorgy Sarvari</name>
<email>skandigraun@gmail.com</email>
</author>
<published>2026-02-27T15:40:29+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=4b86569eb479b9d26e5a3a33541baff29cea7e90'/>
<id>urn:sha1:4b86569eb479b9d26e5a3a33541baff29cea7e90</id>
<content type='text'>
Details: https://nvd.nist.gov/vuln/detail/CVE-2020-37065

The vulnerability is about a 3rd party Windows-only GUI frontend for
the streamripper library, and not for the CLI application that the
recipe builds. Due to this ignore this CVE.

Signed-off-by: Gyorgy Sarvari &lt;skandigraun@gmail.com&gt;
</content>
</entry>
<entry>
<title>sox: patch CVE-2019-8354</title>
<updated>2026-02-09T23:15:56+00:00</updated>
<author>
<name>Gyorgy Sarvari</name>
<email>skandigraun@gmail.com</email>
</author>
<published>2026-02-09T11:38:58+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=4ae19309996051ebc53f1efd07f63bb66f949a8a'/>
<id>urn:sha1:4ae19309996051ebc53f1efd07f63bb66f949a8a</id>
<content type='text'>
Details: https://nvd.nist.gov/vuln/detail/CVE-2019-8354

Pick the patch that was identified by Debian[1] as the solution.

[1]: https://security-tracker.debian.org/tracker/CVE-2019-8354

Signed-off-by: Gyorgy Sarvari &lt;skandigraun@gmail.com&gt;
</content>
</entry>
<entry>
<title>sox: patch CVE-2019-13590</title>
<updated>2026-02-09T23:14:56+00:00</updated>
<author>
<name>Gyorgy Sarvari</name>
<email>skandigraun@gmail.com</email>
</author>
<published>2026-02-09T11:38:57+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=d782346939612416133a2991e7cf83e5cffc4012'/>
<id>urn:sha1:d782346939612416133a2991e7cf83e5cffc4012</id>
<content type='text'>
Details: https://nvd.nist.gov/vuln/detail/CVE-2019-13590

Pick the patch that was identified by Debian[1] as the solution.

[1]: https://security-tracker.debian.org/tracker/CVE-2019-13590

Signed-off-by: Gyorgy Sarvari &lt;skandigraun@gmail.com&gt;
</content>
</entry>
<entry>
<title>sox: mark CVE-2019-1010004 as patched</title>
<updated>2026-02-09T23:14:46+00:00</updated>
<author>
<name>Gyorgy Sarvari</name>
<email>skandigraun@gmail.com</email>
</author>
<published>2026-02-09T11:38:56+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=417d194dbecd3e45993f660694888914435bfbcd'/>
<id>urn:sha1:417d194dbecd3e45993f660694888914435bfbcd</id>
<content type='text'>
Details: https://nvd.nist.gov/vuln/detail/CVE-2019-1010004

The description mentions that this vulnerability overlaps with CVE-2017-18189,
and Debian's investigation[1] confirms that it is solved by the same commit.

Add the ID to the CVE tag of CVE-2017-18189.patch.

[1]: https://security-tracker.debian.org/tracker/CVE-2019-1010004

Signed-off-by: Gyorgy Sarvari &lt;skandigraun@gmail.com&gt;
</content>
</entry>
<entry>
<title>sox: patch CVE-2017-18189</title>
<updated>2026-02-09T23:14:37+00:00</updated>
<author>
<name>Gyorgy Sarvari</name>
<email>skandigraun@gmail.com</email>
</author>
<published>2026-02-09T11:38:55+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=15a5b7a6680aef2787904d645670d91442275f31'/>
<id>urn:sha1:15a5b7a6680aef2787904d645670d91442275f31</id>
<content type='text'>
Details: https://nvd.nist.gov/vuln/detail/CVE-2017-18189

Pick the patch that was identified by Debian[1] as the solution.

[1]: https://security-tracker.debian.org/tracker/CVE-2017-18189

Signed-off-by: Gyorgy Sarvari &lt;skandigraun@gmail.com&gt;
</content>
</entry>
<entry>
<title>sox: patch CVE-2017-15642</title>
<updated>2026-02-09T23:14:27+00:00</updated>
<author>
<name>Gyorgy Sarvari</name>
<email>skandigraun@gmail.com</email>
</author>
<published>2026-02-09T11:38:54+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=add3e267bf8954e3909eba8baf70abd057e24b37'/>
<id>urn:sha1:add3e267bf8954e3909eba8baf70abd057e24b37</id>
<content type='text'>
Details: https://nvd.nist.gov/vuln/detail/CVE-2017-15642

Pick the patch that was identified by Debian[1] as the solution.

[1]: https://security-tracker.debian.org/tracker/CVE-2017-15642

Signed-off-by: Gyorgy Sarvari &lt;skandigraun@gmail.com&gt;
</content>
</entry>
<entry>
<title>sox: patch CVE-2017-15372</title>
<updated>2026-02-09T23:14:17+00:00</updated>
<author>
<name>Gyorgy Sarvari</name>
<email>skandigraun@gmail.com</email>
</author>
<published>2026-02-09T11:38:53+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=23dcf5a6e90e72a1b46e3ec6d375e350646c4f6b'/>
<id>urn:sha1:23dcf5a6e90e72a1b46e3ec6d375e350646c4f6b</id>
<content type='text'>
Details: https://nvd.nist.gov/vuln/detail/CVE-2017-15372

Pick the patch that was indeitified by Debian[1] as the solution.

[1]: https://security-tracker.debian.org/tracker/CVE-2017-15372

Signed-off-by: Gyorgy Sarvari &lt;skandigraun@gmail.com&gt;
</content>
</entry>
<entry>
<title>sox: patch CVE-2017-15371</title>
<updated>2026-02-09T23:14:07+00:00</updated>
<author>
<name>Gyorgy Sarvari</name>
<email>skandigraun@gmail.com</email>
</author>
<published>2026-02-09T11:38:52+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=f9d6eb7ebde20c58ae6b39804a69d2ba244b63d7'/>
<id>urn:sha1:f9d6eb7ebde20c58ae6b39804a69d2ba244b63d7</id>
<content type='text'>
Details: https://nvd.nist.gov/vuln/detail/CVE-2017-15371

Pick the patch that was identified by Debian[1] to fix the solution.

[1]: https://security-tracker.debian.org/tracker/CVE-2017-15371

Signed-off-by: Gyorgy Sarvari &lt;skandigraun@gmail.com&gt;
</content>
</entry>
</feed>
